Web browsers’ private browsing mode is the first resolution taken by most users to protect their privacy online. But subconsciously they’re aware that the private mode or incognito mode is doing nothing but deleting the browsing activity from their computer. According to past studies, it’s possible to track people’s browsing habits even when privacy mode is enabled.
For concerned, and paranoid users, MIT might have a solution called ‘Veil’. It is a new system developed by the researchers at CSAIL and Harvard University.
MIT explains that even though the web browser may not have any evil intentions, the data used during private browsing can also pass through different processor cores, caches, and even end up on the hard drive of the main memory is full. This could provide room for some determined attacker to find their way to that meant-to-be-private user data.
Veil is not some anonymity network like Tor, it’s designed to add a security layer on top of an existing web browser. There is no software or plugin required, the user can visit Veil’s website while running private mode or using Tor.
When the user visits a site URL through Veil, it fetches an encrypted Veil-version of the site from a server called Blinding server. The site looks exactly the same but adds some decryption code which allows its data to be decrypted only for the time when it’s visible on the screen.
The blinding server also adds some garbage code to every webpage to make the information harder to crack. While the pages seem normal to the user, they’re very different under the hood. An attacker who managed to source some snippets of the decrypted code still won’t know what web page the user visited.
Veil takes security even further by taking pictures of a webpage and serving it to the user. Thus, there is no code to be cracked. It records user’s movement, such as if the user clicks somewhere, and loads the picture of that content.
The system requires the website developers to create a Veil-version of their site. The researchers have already created a compiler that can do the conversion automatically. The modified site can be hosted on the developer’s servers or on a server provided by a third party.
Veil has many advantages, and it doesn’t require any changes in the web browser. In fact, it doesn’t depend on any particular browser. It can help people who generally use public computers or those who want extra privacy. However, it can’t be said whether privacy and encryption would come at the cost of lag and slow loading of websites.